Rick McGuire wrote:
This is an issue that came up with the vote on 1.0 Yoko release. The
new release process detailed at
http://cwiki.apache.org/confluence/display/GMOxPMGT/Geronimo+release+process
generates a bunch of extra artifacts that are .md5 and sha1 signatures
for the .asc files. So, for every jar file, you will get a .asc file,
plus additional asc.md5 and asc.sha1 files.
In our old release process, one of the steps was to erase all of the
*.asc.* files before staging the release for a vote. Now that this is
done automatically by using the plugins, these extra artifacts get
included, and even get staged to the repos. For example, see the
artifacts that got published for the last javamail release, which was
the most recent release to use this process:
http://repo1.maven.org/maven2/org/apache/geronimo/javamail/geronimo-javamail_1.4_provider/1.4/
Should our release process include the step to delete these additional
files? Or should this be something that should/could be fixed in the
plugin so that these extraneous files don't get included accidentally?
I had the same question when I released javamail. After some thought I
decided that the extra files didn't hurt anything and provide some
measure of additional security in that you could (and perhaps should)
verify that the asc files themselves haven't been corrupted.
Joe
